If not need to share the OS version youn are installing the fastnetmon add at the end of the command

--do-not-track-me

If you need to start the fastnetmon process you can use this command:

/opt/fastnetmon/fastnetmon

or you can run this process in the backgroung adding a “&” at the end of the command

/opt/fastnetmon/fastnetmon &

In another console in the same machine start the client process:

/opt/fastnetmon/fastnetmon_client

To enable fastnetmon to start on server startup, please add the following line to /etc/rc.local:

/opt/fastnetmon/fastnetmon --daemonize

If something goes wrong you can check the following log file:

tail -f /var/log/fastnetmon.log

When an incoming or outgoing attack occurs, the program calls a bash script twice (if it exists):

/usr/local/bin/notify_about_attack.sh

The first time when threshold exceed (at this step we know IP, direction and power of attack). Second when we collect 100 packets for detailed audit of what happened.A sample script is provided and can be installed as follows:

For big networks please enlarge number of created file in /etc/carbon/carbon.conf:

MAX_CREATES_PER_MINUTE = 5000
And if you want to store data every 5 seconds for 1 months please do following
before starting collection to Graphite in file /etc/carbon/storage-schemas.conf: [default_5sec_for_1month]
pattern = .*
retentions = 5s:31d